diff options
-rw-r--r-- | conf/inspircd.conf.example | 395 | ||||
-rw-r--r-- | conf/links.conf.example | 111 | ||||
-rw-r--r-- | conf/modules.conf.example | 89 | ||||
-rw-r--r-- | conf/opers.conf.example | 116 |
4 files changed, 352 insertions, 359 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example index fc8c1962c..ede4a5d4e 100644 --- a/conf/inspircd.conf.example +++ b/conf/inspircd.conf.example @@ -22,6 +22,9 @@ # # # $Id$ # # # +# If you would like more detailed options, but a slightly more # +# painful configuration, please see inspircd.conf.example.old # +# # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -39,45 +42,42 @@ # # ######################################################################## +#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional tag allows you to include another config file # +# allowing you to keep your configuration tidy. The configuration # +# file you include will be treated as part of the configuration file # +# which includes it, in simple terms the inclusion is transparent. # +# # +# All paths to config files are relative to the directory of the main # +# config file inspircd.conf, unless the filename starts with a forward# +# slash (/) in which case it is treated as an absolute path. # +# # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # +# Syntax is as follows: # +#<include file="file.conf"> # +#<include executable="/path/to/executable parameters"> # +# # + #-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- # # # Here is where you enter the information about your server. # # # -# Syntax is as follows: # -# # -# <server name="server.name" # -# description="Server Description" # -# id="serverid" # -# network="MyNetwork"> # -# # -# The server name should be a syntactically valid hostname, with at # -# least one '.', and does not need to resolve to an IP address. # -# # -# The description is freeform text. Remember you may put quotes in # -# this field by escaping it using \". # -# # -# The network field indicates the network name given in on connect # -# to clients. It is used by many clients such as mIRC to select a # -# perform list, so it should be identical on all servers on a net # -# and should not contain spaces. # -# # -# The server ID is optional, and if omitted automatically calculated # -# from the server name and description. This is similar in # -# in behaviour to the server id on ircu and charybdis ircds. # -# You should only need to set this manually if there is a collision # -# between two server ID's on the network. The server ID must be # -# three digits or letters long, of which the first digit must always # -# be a number, and the other two letters may be any of 0-9 and A-Z. # -# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # -# QFX and 5eR are not. Remember, in most cases you will not need to # -# even set this value, it is calculated for you from your server # -# name and description. Changing these will change your auto- # -# generated ID. # -# # - -<server name="penguin.omega.org.za" + +<server + # name: Hostname of your server. Does not need to be valid. + name="penguin.omega.org.za" + + # description: Server description. Spaces are allowed. description="Waddle World" + + # network: Network name given on connect to clients. + # Should be the same on all servers on the network and + # not contain spaces. network="Omega"> @@ -199,26 +199,6 @@ <power diepass="" restartpass="" pause="2"> -#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This optional tag allows you to include another config file # -# allowing you to keep your configuration tidy. The configuration # -# file you include will be treated as part of the configuration file # -# which includes it, in simple terms the inclusion is transparent. # -# # -# All paths to config files are relative to the directory of the main # -# config file inspircd.conf, unless the filename starts with a forward# -# slash (/) in which case it is treated as an absolute path. # -# # -# You may also include an executable file, in which case if you do so # -# the output of the executable on the standard output will be added # -# to your config at the point of the include tag. # -# # -# Syntax is as follows: # -#<include file="file.conf"> # -#<include executable="/path/to/executable parameters"> # -# # - #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # This is where you can configure which connections are allowed # @@ -366,310 +346,13 @@ ipv4clone="32" ipv6clone="128"> -#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- -# # -# Classes are a group of commands which are grouped together and # -# given a unique name. They're used to define which commands # -# are available to certain types of Operators. # -# # -# Syntax is as follows: # -# # -# <class name="name" commands="oper commands" # -# usermodes="allowed oper only usermodes" # -# chanmodes="allowed oper only channelmodes"> # -# # -# The name value indicates a name for this class. # -# The commands value indicates a list of one or more commands that # -# are allowed by this class (see also 'READ THIS BIT' below). # -# The usermodes and chanmodes values indicate lists of usermodes and # -# channel modes this oper can execute. This only applies to modes # -# that are marked oper-only such as usermode +Q and channelmode +O. # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# You are not forced to give these classes the names given below. # -# You can create your own named classes, if you want, in fact that # -# is the whole idea of this system! # -# # -# Note: It is possible to make a class which covers all available # -# commands. To do this, specify commands="*". This is not really # -# recommended, as it negates the whole purpose of the class system, # -# however it is provided for fast configuration (e.g. in test nets) # -# # - -<class name="Shutdown" commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD" usermodes="*" chanmodes="*"> -<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256" usermodes="*" chanmodes="*"> -<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE" usermodes="*" chanmodes="*"> -<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES" usermodes="*" chanmodes="*"> -<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*"> - - -#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# -# # -# This is where you specify which types of operators you have on # -# your server, as well as the commands they are allowed to use. # -# This works alongside with the classes specified above. # -# # -# type name - A name for the combined class types. # -# a type name cannot contain spaces, however if you # -# put an _ symbol in the name, it will be translated # -# to a space when displayed in a WHOIS. # -# # -# classes - Specified above, used for flexibility for the # -# server admin to decide on which operators get # -# what commands. Class names are case sensitive, # -# separate multiple class names with spaces. # -# # -# host - Optional hostmask operators will receive on oper-up. # -# # -# Syntax is as follows: # -# # -# <type name="name" classes="class names" host="oper hostmask"> # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# You are not forced to give these types the names given below. # -# You can create your own named types, if you want, in fact that # -# is the whole idea of this system! # -# # - -<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown ServerLink" host="netadmin.omega.org.za"> -<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.omega.org.za"> -<type name="Helper" classes="HostCloak" host="helper.omega.org.za"> - - -#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# -# # -# Opers are defined here. This is a very important section. # -# Remember to only make operators out of trust worthy people. # -# # -# name - Oper name, this is case sensitive, so it is best to # -# use lower-case. # -# # -# password - Password to oper-up, also case sensitive. # -# encryption is supported via modules. You may load # -# modules for MD5 or SHA256 encryption, and if you do, # -# this value will be a hash value, otherwise put a # -# plaintext password in this value. # -# # -# host - Hosts of client allowed to oper-up. # -# wildcards accepted, separate multiple hosts with a # -# space. You may also specify CIDR IP addresses. # -# # -# fingerprint - When using the m_ssl_oper_cert.so module, you may # -# specify a key fingerprint here. This can be obtained # -# using the /fingerprint command whilst the module is # -# loaded, or from the notice given to you when you # -# connect to the ircd using a client certificate, # -# and will lock this oper block to only the user who # -# has that specific key/certificate pair. # -# this enhances security a great deal, however it # -# requires that opers use clients which can send ssl # -# client certificates, if this is configured for that # -# oper. Note that if the m_ssl_oper.so module is not # -# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls # -# is not loaded, this configuration option has no # -# effect and will be ignored. # -# # -# type - Defines the kind of operator. This must match a type # -# tag you defined above, and is case sensitive. # -# # -# Syntax is as follows: # -# <oper name="login" # -# password="pass" # -# host="hostmask@of.oper" # -# fingerprint="hexsequence" # -# type="oper type"> # -# # - -<oper name="Brain" - password="s3cret" - host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" - type="NetAdmin"> - - -#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# # -# Defines which servers can link to this one, and which servers this # -# server may create outbound links to. # -# # -# name - The name is the canonical name of the server, does # -# not have to resolve - but it is expected to be set # -# in the remote servers connection info. # -# # -# ipaddr - Valid host or IP address for remote server. These # -# hosts are resolved on rehash, and cached, if you # -# specify a hostname; so if you find that your server # -# is still trying to connect to an old IP after you # -# have updated your DNS, try rehashing and then # -# attempting the connect again. # -# # -# port - The TCP port for the remote server. # -# # -# sendpass - Password to send to create an outbound connection # -# to this server. # -# # -# recvpass - Password to receive to accept an inbound connection # -# from this server. # -# # -# autoconnect - Sets the server to autoconnect. Where x is the num. # -# (optional) of seconds between attempts. e.g. 300 = 5 minutes. # -# # -# transport - If defined, this is a transport name implemented by # -# another module. Transports are layers on top of # -# plaintext connections, which alter them in certain # -# ways. Currently the three supported transports are # -# 'openssl' and 'gnutls' which are types of SSL # -# encryption, and 'zip' which is for compression. # -# If you define a transport, both ends of the # -# connection must use a compatible transport for the # -# link to succeed. OpenSSL and GnuTLS are link- # -# compatible with each other. # -# # -# statshidden - When using m_spanningtree.so for linking. you may # -# set this to 'yes', and if you do, the IP address/ # -# hostname of this connection will NEVER be shown to # -# any opers on the network. In /stats c its address # -# will show as *@<hidden>, and during CONNECT and # -# inbound connections, it's IP will show as <hidden> # -# UNLESS the connection fails (e.g. due to a bad # -# password or servername) # -# # -# allowmask - When this is defined, it indicates a range of IP # -# addresses to allow for this link (You may use CIDR # -# or wildcard form for this address). # -# e.g. if your server is going to connect to you from # -# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 # -# into this value. If it is not defined, then only # -# the ipaddr field of the server shall be allowed. # -# # -# failover - If you define this option, it must be the name of a # -# different link tag in your configuration. This # -# option causes the ircd to attempt a connection to # -# the failover link in the event that the connection # -# to this server fails. For example, you could define # -# two hub uplinks to a leaf server, and set an # -# american server to autoconnect, with a european # -# hub as its failover. In this situation, your ircd # -# will only try the link to the european hub if the # -# american hub is unreachable. NOTE that for the # -# intents and purposes of this option, an unreachable # -# server is one which DOES NOT ANSWER THE CONNECTION. # -# If the server answers the connection with accept(), # -# EVEN IF THE CREDENTIALS ARE INVALID, the failover # -# link will not be tried! Failover settings will also # -# apply to autoconnected servers as well as manually # -# connected ones. # -# # -# timeout - If this is defined, then outbound connections will # -# time out if they are not connected within this many # -# seconds. If this is not defined, the default of ten # -# seconds is used. # -# # -# bind - If you specify this value, then when creating an # -# outbound connection to the given server, the IP you # -# place here will be bound to. This is for multi- # -# homed servers which may have multiple IP addresses. # -# if you do not define this value, the first IP that # -# is not empty or localhost from your <bind> tags # -# will be bound to. This is usually acceptable, # -# however if your server has multiple network cards # -# then you may have to manually specify the bind # -# value instead of leaving it to automatic binding. # -# you can usually tell if you need to set this by # -# looking for the error 'Could not assign requested # -# address' in your log when connecting to servers. # -# # -# hidden - If this is set to true, yes, or 1, then the server # -# is completely hidden from non-opers. It does not # -# show in /links and it does not show in /map. Also, # -# any servers which are child servers of this one # -# in the network will *also* be hidden. Use with # -# care! You can use this to 'mask off' sections of # -# the network so that users only see a small portion # -# of a much larger net. It should NOT be relied upon # -# as a security tool, unless it is being used for # -# example to hide a non-client hub, for which clients # -# do not have an IP address or resolvable hostname. # -# # -# To u:line a server (give it extra privileges required for running # -# services, Q, etc) you must include the <uline server> tag as shown # -# in the example below. You can have as many of these as you like. # -# # -# WARNING: Unlike other ircds, u:lining a server allows ALL users on # -# that server to operoverride modes. This should only be used for # -# services and protected oper servers! # -# # -# ------------------------------------------------------------------- # -# # -# NOTE: If you have built your server as an IPv6 server, then when a # -# DNS lookup of a server's host occurs, AAAA records (IPv6) are # -# prioritised over A records (IPv4). Therefore, if the server you are # -# connecting to has both an IPv6 IP address and an IPv4 IP address in # -# its DNS entry, the IPv6 address will *always* be selected. To # -# change this behaviour simply specify the IPv4 IP address rather # -# than the hostname of the server. # -# # -# ------------------------------------------------------------------- # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list below for # -# information on how to load this module! If you do not load this # -# module, server links will NOT work! # -# # -# Also, if you define any transports, you must load the modules for # -# these transports BEFORE you load m_spanningtree, e.g. place them # -# above it in the configuration file. Currently this means the three # -# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # -# which you choose to use. # -# # - -<link name="hub.penguin.org" - ipaddr="penguin.box.com" - port="7000" - allowmask="69.58.44.0/24" - autoconnect="300" - failover="hub.other.net" - timeout="15" - transport="gnutls" - bind="1.2.3.4" - statshidden="no" - hidden="no" - sendpass="outgoing!password" - recvpass="incoming!password"> - -<link name="services.antarctic.com" - ipaddr="localhost" - port="7000" - allowmask="127.0.0.0/8" - sendpass="penguins" - recvpass="polarbears"> - - -#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# This tag defines a ulined server. A U-Lined server has special # -# permissions, and should be used with caution. Services servers are # -# usually u-lined in this manner. # -# # -# The 'silent' value, if set to yes, indicates that this server should# -# not generate quit and connect notices, which can cut down on noise # -# to opers on the network. # -# # -<uline server="services.antarctic.com" silent="yes"> +# This file has all the information about oper classes, types and o:lines. +# You *MUST* edit it. +<include file="opers.conf.example"> +# This file has all the information about server links and ulined servers. +# You *MUST* edit it if you intend to link servers. +<include file="links.conf.example"> #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # diff --git a/conf/links.conf.example b/conf/links.conf.example new file mode 100644 index 000000000..e304cd0e6 --- /dev/null +++ b/conf/links.conf.example @@ -0,0 +1,111 @@ +#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# # +# Defines which servers can link to this one, and which servers this # +# server may create outbound links to. # +# # +# If you would like more detailed options, but a slightly more # +# painful configuration, please see inspircd.conf.example.old # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# If you want to link servers to InspIRCd you must load the # +# m_spanningtree.so module! Please see the modules list below for # +# information on how to load this module! If you do not load this # +# module, server links will NOT work! # +# # +# Also, if you define any transports, you must load the modules for # +# these transports BEFORE you load m_spanningtree, e.g. place them # +# above it in the configuration file. Currently this means the three # +# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # +# which you choose to use. # +# # + +<link name="hub.penguin.org" + + # ipaddr: The IP address of the remote server. + # Can also be a hostname, but hostname must resolve. + ipaddr="penguin.box.com" + + # port: the port to connect to this server on + port="7000" + + # allowmask: Range of IP addresses to allow for this link. + # Can be a CIDR (see example). + allowmask="69.58.44.0/24" + + # autoconnect: Time to wait to attempt to autoconnect + # to remote server (in seconds). + autoconnect="300" + + # failover: If defined, if this link fails, + # what is the next link that is tried. + failover="hub.other.net" + + # timeout: If defined, this option defines how long the server + # will wait to consider the connect attempt failed and try the + # failover (see above). + timeout="15" + + # transport: If defined, this states extra modules that can be + # used in the connection. Options are: "openssl" and "gnutls" + # for encryption (they are compatible with each other) and + # "zip" for compression. You must use the same (or a compa- + # tible) transport on both sides of the link. + transport="gnutls" + + # bind: Local IP address to bind to. + bind="1.2.3.4" + + # statshidden: defines if IP is shown to opers when + # /stats c is invoked. + statshidden="no" + + # hidden: If this is set to yes, this server and it's "child" + # servers will not be shown when users do a /map or /links + hidden="no" + + # passwords: the passwords we send and recieve. + # The remote server will have these passwords reversed. + sendpass="outgoing!password" + recvpass="incoming!password"> + +# A duplicate of the first link block without comments +# if you like copying & pasting. +<link name="hub.penguin.org" + ipaddr="penguin.box.com" + port="7000" + allowmask="69.58.44.0/24" + autoconnect="300" + failover="hub.other.net" + timeout="15" + transport="gnutls" + bind="1.2.3.4" + statshidden="no" + hidden="no" + sendpass="outgoing!password" + recvpass="incoming!password"> + +# Link block for services. Options are the same as for the first +# link block (depending on what your services package supports). +<link name="services.antarctic.com" + ipaddr="localhost" + port="7000" + allowmask="127.0.0.0/8" + sendpass="penguins" + recvpass="polarbears"> + + +#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# This tag defines a ulined server. A U-Lined server has special # +# permissions, and should be used with caution. Services servers are # +# usually u-lined in this manner. # +# # +# The 'silent' value, if set to yes, indicates that this server should# +# not generate quit and connect notices, which can cut down on noise # +# to opers on the network. # +# # +<uline server="services.antarctic.com" silent="yes"> diff --git a/conf/modules.conf.example b/conf/modules.conf.example index cd40f50d5..6b5bb6dbe 100644 --- a/conf/modules.conf.example +++ b/conf/modules.conf.example @@ -32,6 +32,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Spanning Tree module - allows linking of servers using the spanning # tree protocol (see the READ THIS BIT section above). +# You will almost always want to load this. # #<module name="m_spanningtree.so"> @@ -162,7 +163,9 @@ #<module name="m_allowinvite.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Alltime module: Shows time on all connected servers at once +# Alltime module: Shows time on all connected servers at once. +# This module is oper-only and provides /alltime. +# To use, ALLTIME must be in one of your oper class blocks. #<module name="m_alltime.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -276,6 +279,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CBAN module: Lets you disallow channels from being used at runtime. +# This module is oper-only and provides /cban. +# To use, CBAN must be in one of your oper class blocks. #<module name="m_cban.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -334,7 +339,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel create module: Adds snomask +j, which will notify opers of -# any new channels that are created +# any new channels that are created. +# This module is oper-only. #<module name="m_chancreate.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -365,10 +371,14 @@ # Check module: gives /check # Check is useful for looking up information on channels, # users, IP addresses and hosts. +# This module is oper-only. +# To use, CHECK must be in one of your oper class blocks. #<module name="m_check.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGHOST module: Adds the /CHGHOST command +# This module is oper-only. +# To use, CHGHOST must be in one of your oper class blocks. #<module name="m_chghost.so"> # #-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST CONFIGURATION #-#-#-#-#-#-#-#-# @@ -382,16 +392,22 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGIDENT module: Adds the /CHGIDENT command +# This module is oper-only. +# To use, CHGIDENT must be in one of your oper class blocks. #<module name="m_chgident.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGNAME module: Adds the /CHGNAME command +# This module is oper-only. +# To use, CHGNAME must be in one of your oper class blocks. #<module name="m_chgname.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Cloaking module: Adds usermode +x and cloaking support. # Relies on the module m_md5.so being loaded before m_cloaking.so in # the configuration file. +# To use, you should enable m_conn_umodes and add +x as +# an enabled mode. See the m_conn_umodes module for more information. #<module name="m_cloaking.so"> # #-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# @@ -427,12 +443,16 @@ #-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Close module: Allows an oper to close all unregistered connections. +# This module is oper-only and provides /close. +# To use, CLOSE must be in one of your oper class blocks. #<module name="m_close.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clones module: Adds an oper command /CLONES for detecting cloned # users. Warning: This module may be resource intensive when its # command is issued, use with care. +# This module is oper-only. +# To use, CLONES must be in one of your oper class blocks. #<module name="m_clones.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -661,11 +681,17 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: gives /GLOBOPS and SNOMASK +g +# This module is oper-only. +# To use, GLOBOPS must be in one of your oper class blocks. #<module name="m_globops.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Global load module: Allows loading and unloading of modules network- # wide (USE WITH EXTREME CAUTION!) +# This module is oper-only and provides /gloadmodule, /gunloadmodule +# and /greloadmodule. +# To use, GLOADMODULE, GUNLOADMODULE and GRELOADMODULE +# must be in one of your oper class blocks. #<module name="m_globalload.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -683,11 +709,13 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HIDECHANS module: Allows opers to hide their channels list from non- # opers by setting user mode +I on themselves. +# This module is oper-only. # <module name="m_hidechans.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HIDEOPER module: Allows opers to hide their oper status from non- # opers by setting user mode +H on themselves. +# This module is oper-only. # <module name="m_hideoper.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -787,6 +815,8 @@ # IMPORTANT NOTE: To allow this mode to be used by a type of oper, you # must first add the value canquiet="yes" to that oper's type tag. # +# This module is oper-only. +# #<module name="m_invisible.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -795,6 +825,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Jump Server module: Adds support for the RPL_REDIR numeric +# This module is oper-only. +# To use, JUMPSERVER must be in one of your oper class blocks. #<module name="m_jumpserver.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -860,6 +892,9 @@ # you can control who has access to this possible dangerous command. # # If your server is locked and you got disconnected, do a REHASH from # # shell to open up again. +# +# This module is oper-only. +# #<module name="m_lockserv.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -906,6 +941,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that # user from changing their nick again. +# This module is oper-only. +# To use, NICKLOCK and NICKUNLOCK must be in one of your oper class blocks. #<module name="m_nicklock.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -929,10 +966,12 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper channels mode: Adds the +O channel mode +# This module is oper-only. #<module name="m_operchans.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper flood module: Removes flood limits from users upon opering up +# This module is oper-only. #<module name="m_operflood.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -940,13 +979,14 @@ # given oper type masks. # e.g, /mode #channel +iI O:* is equivilant to chmode +O, but you # may also, e.g. /mode #channel +iI O:AdminTypeOnly to only allow admins. -# +# This module is oper-only. # +be work in a similar fashion. # #<module name="m_operinvex.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper Join module: Auto-joins opers to a channel upon oper-up +# This module is oper-only. For the user equivalent, see m_conn_join. #<module name="m_operjoin.so"> # #-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -969,11 +1009,13 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper log module: Logs all oper commands to the ircd log at default # loglevel. +# This module is oper-only. #<module name="m_operlog.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper MOTD module: Provides support for seperate message of the day # on oper-up +# This module is oper-only. #<module name="m_opermotd.so"> # #-#-#-#-#-#-#-#-#-#-# OPERMOTD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -984,6 +1026,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Override module: Adds support for oper override +# This module is oper-only. #<module name="m_override.so"> # #-#-#-#-#-#-#-#-#-#-# OVERRIDE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -995,18 +1038,21 @@ # Oper levels module: Gives each oper a level and prevents # actions being taken against higher level opers # Specify the level as the 'level' parameter of the <type> tag +# # This module is oper-only. #<module name="m_operlevels.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper modes module: Allows you to specify modes to add/remove on oper # Specify the modes as the 'modes' parameter of the <type> tag # and/or as the 'modes' parameter of the <oper> tag. +# This module is oper-only. For the user equivalent, see m_conn_umodes #<module name="m_opermodes.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper password hash module: Allows hashed oper passwords # Relies on the module m_md5.so and/or m_sha256.so being loaded before # m_password_hash.so in the configuration file. +# This module is oper-only. #<module name="m_password_hash.so"> # #-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# @@ -1031,6 +1077,7 @@ # therefore keep things like modes, ban lists and topic. Permanent # channels -may- need support from your Services package to function # properly with them. This adds channel mode +P. +# This module is oper-only. #<module name="m_permchannels.so"> # # You may also create channels on startup by using the <permchannels> block. @@ -1183,22 +1230,32 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAJOIN module: Adds the /SAJOIN command +# This module is oper-only. +# To use, SAJOIN must be in one of your oper class blocks. #<module name="m_sajoin.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAMODE module: Adds the oper /SAMODE command +# This module is oper-only. +# To use, SAMODE must be in one of your oper class blocks. #<module name="m_samode.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SANICK module: Allows opers to change user's nicks +# This module is oper-only. +# To use, SANICK must be in one of your oper class blocks. #<module name="m_sanick.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAPART module: Adds the oper /SAPART command +# This module is oper-only. +# To use, SAPART must be in one of your oper class blocks. #<module name="m_sapart.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAQUIT module: Adds the oper /SAQUIT command (abusable!!!) +# This module is oper-only. +# To use, SAQUIT must be in one of your oper class blocks. #<module name="m_saquit.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1232,11 +1289,14 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # See nicks module: Allow for SNOMASK +N which shows nick changes. +# This module is oper-only. #<module name="m_seenicks.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Set Idle module: Adds a command for opers to change their # idle time (mainly a toy) +# This module is oper-only. +# To use, SETIDLE must be in one of your oper class blocks. #<module name="m_setidle.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1247,6 +1307,8 @@ # N O T E!! # >> This CAN NOT be used at the same time as m_services_account << # N O T E!! +# *** This module DOES NOT support Atheme services, please use *** +# *** m_services_account if you are planning on using Atheme. *** #<module name="m_services.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1265,15 +1327,21 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Sethost module: Adds the /SETHOST command +# This module is oper-only. +# To use, SETHOST must be in one of your oper class blocks. # See m_chghost for how to customise valid chars for hostnames #<module name="m_sethost.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Setident module: Adds the /SETIDENT command +# This module is oper-only. +# To use, SETIDENT must be in one of your oper class blocks. #<module name="m_setident.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SETNAME module: Adds the /SETNAME command +# This module is oper-only. +# To use, SETNAME must be in one of your oper class blocks. #<module name="m_setname.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1284,11 +1352,14 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Show Whois module: Adds the +W usermode which allows opers # to see when they are whois'ed (can be annoying). +# This module is oper-only. #<module name="m_showwhois.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Shun module: Provides the /shun command, which stops a user executing # most commands. +# This module is oper-only. +# To use, SHUN must be in one of your oper class blocks. #<module name="m_shun.so"> # # You may also configure which commands you wish a user to be able to @@ -1301,6 +1372,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Spy module: Provides the ability to see the complete names list of # channels an oper is not a member of +# This module is oper-only. #<module name="m_spy.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1362,6 +1434,7 @@ # be loaded. An extra value should be added to enabled opers, which # is in the following format: fingerprint="<hash>". For more information, # see the example in the oper blocks. +# This module is oper-only. #<module name="m_ssl_oper_cert.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1448,11 +1521,15 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitary lines to user WHOIS. +# This module is oper-only. +# To use, SWHOIS must be in one of your oper class blocks. #<module name="m_swhois.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Taxonomy module: Adds the /TAXONOMY command, used to view all # metadata attached to a user. +# This module is oper-only. +# To use, TAXONOMY must be in one of your oper class blocks. #<module name="m_taxonomy.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1461,11 +1538,15 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Timed bans module: Adds timed bans and the /TBAN command +# This module is oper-only. +# To use, TBAN must be in one of your oper class blocks. #<module name="m_timedbans.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Test line module: Adds the /TLINE command, used to test how many # users a /GLINE or /ZLINE etc would match. +# This module is oper-only. +# To use, TLINE must be in one of your oper class blocks. #<module name="m_tline.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1484,6 +1565,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Userip module: Adds the /USERIP command +# This module is oper-only. +# To use, USERIP must be in one of your oper class blocks. #<module name="m_userip.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# diff --git a/conf/opers.conf.example b/conf/opers.conf.example new file mode 100644 index 000000000..27e748781 --- /dev/null +++ b/conf/opers.conf.example @@ -0,0 +1,116 @@ +#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# Classes are a group of commands which are grouped together and # +# given a unique name. They're used to define which commands # +# are available to certain types of Operators. # +# # +# # +# Note: It is possible to make a class which covers all available # +# commands. To do this, specify commands="*". This is not really # +# recommended, as it negates the whole purpose of the class system, # +# however it is provided for fast configuration (e.g. in test nets) # +# # + +<class + name="Shutdown" + + # commands: oper commands that users of this class can run. + commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD" + + # usermodes: Oper-only usermodes that opers with this class can use. + usermodes="*" + + # chanmodes: Oper-only channel modes that opers with this class can use. + chanmodes="*"> + +<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256" usermodes="*" chanmodes="*"> +<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE" usermodes="*" chanmodes="*"> +<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES" usermodes="*" chanmodes="*"> +<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*"> + + +#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# +# # +# This is where you specify which types of operators you have on # +# your server, as well as the commands they are allowed to use. # +# This works alongside with the classes specified above. # +# # + +<type + # name: Name of type. Used in actual olines below. + # Cannot contain spaces. If you would like a space, use + # the _ character instead and it will translate to a space on whois. + name="NetAdmin" + + # classes: classes (above blocks) that this type belongs to. + classes="OperChat BanControl HostCloak Shutdown ServerLink" + + # host: host oper gets on oper-up. This is optional. + host="netadmin.omega.org.za" + + # modes: usermodes besides +o that are set on a oper of this type + # when they oper up. Used for snomasks and other things. + # Requires that m_opermodes.so be loaded. + modes="+n"> + +<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.omega.org.za"> +<type name="Helper" classes="HostCloak" host="helper.omega.org.za"> + + +#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# Opers are defined here. This is a very important section. # +# Remember to only make operators out of trust worthy people. # +# # + +# oline with plain-text password +<oper + # name: oper login that is used to oper up (/oper name password). + # Remember: This is case sensitive + name="Brain" + + # password: case-sensitive, unhashed...yea...self-explanatory. + password="s3cret" + + # host: What hostnames/IP's are allowed to oper up with this oline. + # Multiple options can be separated by spaces and CIDR's are allowed. + host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" + + # ** ADVANCED ** This option is disabled by default. + # fingerprint: When using the m_oper_ssl_cert module, you may specify + # a key fingerprint here. This can be obtained by using the + # /fingerprint command while the module is loaded. This enhances + # security by verifying that the person opering up has the matching + # key/certificate combination. This enhances security a great deal. + # If m_oper_ssl and/or m_ssl_gnutls/m_ssl_openssl aren't loaded, + # this option will be ignored. + #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + + # type: What oper type this oline is. See the block above for list + # of types. NOTE: This is case-sensitive as well. + type="NetAdmin"> + +# oline with hashed password. It is highly recommended to use hashed passwords. +<oper + # name: oper login that is used to oper up (/oper name password). + # Remember: This is case sensitive + name="Brain" + + # hash: what hash this password is hashed with. requires the module + # for selected hash (m_md5.so, m_sha256.so or m_ripemd160) be + # loaded and the oper password hashing module (m_password_hash.so) + # loaded. Options here are: "md5", "sha256" and "ripemd160". + hash="sha256" + + # password: a hash of your password (see above option) hashed + # with /mkpasswd *hash* *password* . See m_password_hash in modules.conf + # for more information about password hashing. + password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0" + + # host: What hostnames/IP's are allowed to oper up with this oline. + # Multiple options can be separated by spaces and CIDR's are allowed. + host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" + + # type: What oper type this oline is. See the block above for list + # of types. NOTE: This is case-sensitive as well. + type="NetAdmin"> |